A Scalable Malware Classification Based on Integrated Static and Dynamic Features

  • Conference paper
  • Published in: Global Security, Safety and Sustainability - The Security Challenges of the Connected World (ICGS3 2017)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 630)

Abstract

This paper presents a malware classification approach that aims to improve precision and support scalability. To this end, a hybrid approach combining static and dynamic features is adopted. The hybrid approach has the advantage of being a complete and robust solution to the evasion techniques used by malware writers.

The proposed methodology achieved a promising accuracy of 99.41% in classifying malware into families while considerably reducing the feature space compared to competing approaches in the literature.

Corresponding author: Chafika Benzaid.

Copyright information

© 2016 Springer International Publishing AG

Cite this paper

Bounouh, T., Brahimi, Z., Al-Nemrat, A., Benzaid, C. (2016). A Scalable Malware Classification Based on Integrated Static and Dynamic Features. In: Jahankhani, H., et al. Global Security, Safety and Sustainability - The Security Challenges of the Connected World. ICGS3 2017. Communications in Computer and Information Science, vol 630. Springer, Cham. https://doi.org/10.1007/978-3-319-51064-4_10

  • DOI: https://doi.org/10.1007/978-3-319-51064-4_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51063-7

  • Online ISBN: 978-3-319-51064-4

  • eBook Packages: Computer Science (R0)
